Mitigating Man-in-the-Middle Attacks: Features and Prevention Methods

Features to Counter Man-in-the-Middle Attacks

Question

What are two features that help to mitigate man-in-the-middle attacks? (Choose two.)

Answers

Explanations

A. B. C. D. E.

AD.

The primary Cisco IOS Software features on the Cisco Catalyst 6500E (Cisco IOS Software 12.2(33)SXI1) that were used to mitigate the MITM (ARP Poisoning) attack are DHCP Snooping and Dynamic ARP Inspection (referred to as DAI throughout this paper).

DAI has a dependency on DHCP Snooping.

In order to run DAI, DHCP Snooping must be enabled.

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_603839.html

Man-in-the-middle (MitM) attacks occur when an attacker intercepts communication between two parties to steal information or manipulate the communication. To mitigate MitM attacks, there are several features and techniques that can be implemented.

Of the options provided, two features that can help mitigate MitM attacks are DHCP snooping and dynamic ARP inspection.

  1. DHCP Snooping: DHCP snooping is a security feature that prevents rogue DHCP servers from being introduced to a network. Rogue DHCP servers can be used by an attacker to offer an IP address to clients and then intercept their traffic. DHCP snooping intercepts all DHCP messages exchanged between clients and servers and allows only the authorized DHCP servers to allocate IP addresses to clients. This helps to prevent MitM attacks, as the attacker is unable to redirect traffic to their rogue server.

  2. Dynamic ARP Inspection: Dynamic ARP Inspection (DAI) is another security feature that helps prevent ARP spoofing attacks, a type of MitM attack. ARP spoofing is an attack in which an attacker sends false ARP messages to associate their MAC address with the IP address of another device. DAI verifies ARP packets by intercepting all ARP requests and replies on untrusted ports, verifying that the MAC and IP address pairings are legitimate, and then forwarding the packets to their destination. If the pairing is not legitimate, the ARP packet is dropped. This helps to prevent MitM attacks, as the attacker is unable to associate their MAC address with the IP address of another device.
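The following added example (not from the original page or from Cisco) models how the two features fit together: DHCP snooping builds the binding table, and DAI validates ARP packets on untrusted ports against it, which is why DAI depends on snooping. It is a simplified sketch that ignores VLANs, lease timers and ARP ACLs; the `Switch` class, port names, MAC addresses and IP addresses are all constructed for illustration.

```python
"""Simplified model of DHCP snooping feeding Dynamic ARP Inspection (DAI)."""

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # messages only a DHCP server sends


class Switch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # ports facing the authorized DHCP server
        self.pending = {}                   # client MAC -> access port it requested from
        self.bindings = {}                  # IP -> (MAC, port): snooping binding table

    def dhcp(self, port, msg_type, client_mac, ip=None):
        """DHCP snooping. Returns True if the message is forwarded."""
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted:
                return False                # server reply on an untrusted port: rogue server
            if msg_type == "ACK" and client_mac in self.pending:
                # Lease confirmed by the authorized server: record the binding.
                self.bindings[ip] = (client_mac, self.pending.pop(client_mac))
            return True
        self.pending[client_mac] = port     # DISCOVER / REQUEST from a client
        return True

    def arp(self, port, sender_mac, sender_ip):
        """DAI. Returns True if the ARP packet is forwarded."""
        if port in self.trusted:
            return True                     # trusted ports are not inspected
        # Sender IP, MAC and ingress port must all match a snooped lease.
        return self.bindings.get(sender_ip) == (sender_mac, port)


def demo():
    # Constructed sample values (documentation MAC and IP ranges).
    sw = Switch(trusted_ports={"Gi1/1"})
    victim, attacker = "00:00:5e:00:53:0a", "00:00:5e:00:53:ff"
    results = {}
    # No lease snooped yet, so DAI has nothing to validate against.
    results["arp_before_lease"] = sw.arp("Gi2/1", victim, "192.0.2.10")
    sw.dhcp("Gi2/1", "REQUEST", victim)
    results["rogue_ack"] = sw.dhcp("Gi2/2", "ACK", victim, "192.0.2.66")
    results["real_ack"] = sw.dhcp("Gi1/1", "ACK", victim, "192.0.2.10")
    results["victim_arp"] = sw.arp("Gi2/1", victim, "192.0.2.10")
    results["spoofed_arp"] = sw.arp("Gi2/2", attacker, "192.0.2.10")
    return results


if __name__ == "__main__":
    for name, forwarded in demo().items():
        print(f"{name:18} {'forwarded' if forwarded else 'dropped'}")
```

The `arp_before_lease` result shows the dependency in practice: with no snooping bindings, even a legitimate host's ARP packets are dropped on an untrusted port.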

The other options listed in the question (ARP sniffing on specific ports, ARP spoofing, and destination MAC ACLs) do not directly mitigate MitM attacks. ARP sniffing on specific ports and ARP spoofing are actually techniques used by attackers to launch MitM attacks. Destination MAC ACLs are used to restrict traffic based on the destination MAC address, but they do not directly address MitM attacks.

In conclusion, DHCP snooping and dynamic ARP inspection are two security features that can help mitigate MitM attacks by preventing rogue DHCP servers and verifying ARP packets to prevent ARP spoofing attacks.